Policies. The section.io security policies and procedures are focused on preserving security in our systems, processes, and practices.
Information Security Team. Our security team works across the entire business to secure and protect any sensitive information related to the section.io service. This team also formally reviews policies and procedures.
Risk Management. section.io undertakes risk assessment practices to understand, prevent and manage information security risks.
Employee Screening. section.io screens new employees before they join the section.io team and these screening activities may include criminal background and reference checks.
Confidentiality. section.io employees are required to agree to protect and preserve any information they may view, process, or transmit as part of their job functions where that information may be deemed sensitive.
Security Training. section.io trains our team to protect sensitive information and the devices they use. This training will include new hire awareness training and annual or ad-hoc training as required.
Personal Data Transfer. See our terms of service for additional information regarding the processing of personal data. The section.io services by default do not process personal data.
Change Processes. section.io follows a procedural process when developing and deploying changes to technologies. Changes considered include systems and software which form the section.io service.
Change Testing. During the stages of development, section.io will test changes. In advance of moving a proposed change to a production system, section.io's team will confirm tests are successful.
Change Notification. section.io prepares change notices to maintain awareness among the team. These notices are reviewed and approved by relevant team members involved with system management.
Change Review. Following the introduction of changes to the production systems, section.io reviews the changes and agrees that they have been successful.
Access Requests. section.io documents requests for access to the section.io systems. Our team responsible for security will then approve and grant access only where appropriate.
Access Management. section.io amends any employee's level of access to the section.io systems subject to any change in that employee's role and/or responsibilities at section.io.
Access Review Process. section.io reviews access levels across the team and systems to ensure the appropriate access to section.io systems and data is maintained.
System Authentication and Account Access
User Accounts and Privileges. section.io assigns a unique account to each user who needs to access section.io systems so we can manage, understand and enforce user-level accountability.
User Roles and Access Privileges. Roles and access levels are assigned to users to restrict access per system to the level required for each individual user to carry out their responsibilities.
Two-Factor Authentication. section.io systems require two-factor authentication.
Secure Development Practices and Processes. section.io trains our development and operations teams to prevent common vulnerabilities.
Network and infrastructure
Security Scans and Tests. section.io performs vulnerability scans and security tests on the section.io systems. section.io considers and deals with the findings of these scans and tests in an appropriate way in order to assist with maintaining system security.
Standards for System Configuration. For maintenance of system security, section.io has documented Standards for System Configuration which the team is required to follow. These standards cover a range of system configuration elements including (but not limited to) ports, services and protocols.
Security Patching. section.io monitors lists of security vulnerabilities so that when new items are raised, those vulnerabilities can be addressed immediately. Patches and updates are applied subject to the time frame necessary for criticality of the vulnerability identified.
Encrypted Data Transmission. section.io's platform supports TLS and will provide customers with a solution to encrypt connections to end users and to the customers' origin servers.
Encryption Keys. To maintain security of customer Encryption Keys, section.io protects access to the encryption keys provisioned by section.io customers.
Continuity and Availability
Fail Over. section.io's network is built to support fail over of traffic from any individual delivery node (PoP) within a network should that PoP become unavailable for any reason. In addition, section.io can move customer data to alternate networks without any interruption should an individual network provided by section.io become unresponsive for some reason.
Redundancy. Leveraging major cloud providers such as AWS and Azure, section.io has multiple services and peering access points available to the section.io networks.
Monitoring. section.io's operations teams monitor a wide range of alerting interfaces to detect, monitor and understand degraded or otherwise detrimentally affected services 24x7x365.
Reporting. section.io keeps customers updated using real-time alerting tools and methods (such as status.section.io). For specific customer issues, section.io may contact a customer directly.
Response Plan. section.io has a documented response plan to bring to bear in the case of an incident on the section.io platform or systems. The plan is reviewed and updated subject to the changing nature of the section.io platform and threat profile of the Internet. The plan includes communication processes, systems and team management.
Notifications of Unauthorized Access. section.io will notify customers who may be affected by any validated breach of the section.io systems or any unauthorized disclosure of that customer's confidential information.
Analysis, Monitoring and Detection
Analysis. section.io aggregates and securely stores logs reflecting the activity on section.io systems. section.io monitors these logs to understand, alert, diagnose and manage security threats and/or incidents.
Monitoring. section.io uses a number of systems to track system changes and ensure accountability and enforcement of the section.io security standards.
Detection. section.io has systems to help surface potential threats, incidents and intrusions. The section.io team will be alerted to anomalies in these detection systems.
Cached Data. Temporarily cached data (what data, where and for how long) is managed by section.io customers. From time to time, section.io may directly manage these settings on behalf of the customer should the need arise per law as customers permit.
IP Addresses. section.io may retain indefinitely any non-anonymized, non-aggregated client or subscriber IP addresses associated with suspicious activity that may pose a risk to the section.io network or our customers, or that are associated with administrative connections to the section.io service.
HTTP Requests. Customer and end-user content which passes through the section.io network in response to requests launched by end-users creates data in the section.io systems which section.io uses over time to monitor and manage the section.io system reliability, availability, performance and security.
Physical Security. section.io relies on major cloud infrastructure providers such as AWS and Azure which have PCI compliant data centers and the physical environment security which accompanies these standards.
Business Continuity. section.io has deployed PoPs across a number of zones and networks and as such can seamlessly move customer traffic between nodes and/or networks without customer downtime.
If you have any questions about security on the section.io website, please email us at firstname.lastname@example.org.
Last updated: 28th June 2017